A new group of cybercriminals are conducting targeted attacks on the healthcare sector, including hacking devices that control X-ray and MRI machines, according to cybersecurity software company Symantec.

Dubbed Orangeworm, the hackers are focused largely on the US, but also have a footprint in Asia and Europe.

'Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage,' Symantec said.

The backdoor trojan was found within large international corporations on machines used to control high-tech imaging devices such as X-ray and MRI scanners.

Almost 40 per cent of the group's known victims affected by the Trojan.Kwampirs malware, which provides the attackers with remote access to the compromised computer, operate within the healthcare industry.

They were targeted 'carefully, deliberately and likely for the purpose of ongoing corporate espionage', Symantec said.

The backdoor trojan was found within large international corporations on machines used to control high-tech imaging devices such as X-ray and MRI scanners..

'Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures,' Symantec said in a post on its threat intelligence blog.

Share this article

Share

43 shares

The company believes the attacks are the work of an individual or small group, rather than a state-sponsored sector.

'While Orangeworm is known to have been active for at least several years, we do not believe that the group bears any hallmarks of a state-sponsored actor—it is likely the work of an individual or a small group of individuals,' the firm said.

'There are currently no technical or operational indicators to ascertain the origin of the group.

Orangeworm's motives remain unclear.

The biggest number of Orangeworm’s victims are located in the U.S., accounting for 17 percent of the infection rate

The biggest number of Orangeworm’s victims are located in the U.S., accounting for 17 percent of the infection rate by region.

'While Orangeworm has impacted only a small set of victims in 2016 and 2017 according to Symantec telemetry, we have seen infections in multiple countries due to the nature of the victims operating large international corporations.'

'We believe that these industries have also been targeted as part of a larger supply-chain attack in order for Orangeworm to get access to their intended victims related to healthcare.

'While these industries may appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organizations that provide support services to medical clinics, and logistical organizations that deliver healthcare products.'